Changeset 411 for branches/samba-3.3.x/source/lib/system.c

Timestamp:

Mar 1, 2010, 3:05:48 PM (15 years ago)

Author:

Herwig Bauernfeind

Message:

Update Samba 3.3.x to 3.3.11

File:

• branches/samba-3.3.x/source/lib/system.c (modified) (4 diffs)

branches/samba-3.3.x/source/lib/system.c

@@ -708 +708 @@
 #if defined(HAVE_POSIX_CAPABILITIES)
 
+/* This define hasn't made it into the glibc capabilities header yet. */
+#ifndef SECURE_NO_SETUID_FIXUP
+#define SECURE_NO_SETUID_FIXUP          2
+#endif
+
 /**************************************************************************
  Try and abstract process capabilities (for systems that have them).
@@ -738 +743 @@
 #endif
 
+#if defined(HAVE_PRCTL) && defined(PR_SET_SECUREBITS) && defined(SECURE_NO_SETUID_FIXUP)
+        /* New way of setting capabilities as "sticky". */
+
+        /*
+         * Use PR_SET_SECUREBITS to prevent setresuid()
+         * atomically dropping effective capabilities on
+         * uid change. Only available in Linux kernels
+         * 2.6.26 and above.
+         *
+         * See here:
+         * http://www.kernel.org/doc/man-pages/online/pages/man7/capabilities.7.html
+         * for details.
+         *
+         * Specifically the CAP_KILL capability we need
+         * to allow Linux threads under different euids
+         * to send signals to each other.
+         */
+
+        if (prctl(PR_SET_SECUREBITS, 1 << SECURE_NO_SETUID_FIXUP)) {
+                DEBUG(0,("set_process_capability: "
+                        "prctl PR_SET_SECUREBITS failed with error %s\n",
+                        strerror(errno) ));
+                return false;
+        }
+#endif
+
         cap = cap_get_proc();
         if (cap == NULL) {
@@ -766 +797 @@
 #endif
                         break;
+                case KILL_CAPABILITY:
+#ifdef CAP_KILL
+                        cap_vals[num_cap_vals++] = CAP_KILL;
+#endif
+                        break;
         }
 
@@ -775 +811 @@
         }
 
-        cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,
-                enable ? CAP_SET : CAP_CLEAR);
+        /*
+         * Ensure the capability is effective. We assume that as a root
+         * process it's always permitted.
+         */
+
+        if (cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,
+                        enable ? CAP_SET : CAP_CLEAR) == -1) {
+                DEBUG(0, ("set_process_capability: cap_set_flag effective "
+                        "failed (%d): %s\n",
+                        (int)capability,
+                        strerror(errno)));
+                cap_free(cap);
+                return false;
+        }
 
         /* We never want to pass capabilities down to our children, so make
          * sure they are not inherited.
          */
-        cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, cap_vals, CAP_CLEAR);
+        if (cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals,
+                        cap_vals, CAP_CLEAR) == -1) {
+                DEBUG(0, ("set_process_capability: cap_set_flag inheritable "
+                        "failed (%d): %s\n",
+                        (int)capability,
+                        strerror(errno)));
+                cap_free(cap);
+                return false;
+        }
 
         if (cap_set_proc(cap) == -1) {
-                DEBUG(0, ("set_process_capability: cap_set_proc failed: %s\n",
+                DEBUG(0, ("set_process_capability: cap_set_flag (%d) failed: %s\n",
+                        (int)capability,
                         strerror(errno)));
                 cap_free(cap);